BugTraq
Fireflashing [Firefox 1.0] Feb 07 2005 05:52PM
mikx (mikx mikx de) (1 replies)
__Summary

Using plugins like Flash and the -moz-opacity filter, it is possible to
display the about:config site in a hidden frame or a new window.

By making the user double-click at a specific screen position (e.g. using a
DHTML game) you can silently toggle the status of boolean config parameters.

As long as the number of about:config parameters is unchanged (a casual
user is unlikely to change them) you can move the parameter you want to the
specified screen position by using CSS.

You can also load about:config using the RealPlayer plugin and merged URL
events. See the RealProducer documentation for details and merge a command
like "u 0:0:0:0.0 0:0:0:30.0 &&targetframe&&about:config"

__Proof-of-Concept

http://www.mikx.de/fireflashing/

__Status

The bug is marked as fixed in Bugzilla. Get a nightly build, compile on your
own or wait for Firefox 1.0.1.

2005-02-01 Vendor informed (bugzilla.mozilla.org #280664)
2005-02-01 Vendor confirmed bug
2005-02-04 Vendor fixed bug
2005-02-07 Public disclosure

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0232 to this issue.

__Affected Software

Tested with Firefox 1.0 and Mozilla 1.7.5

__Contact Information

Michael Krax <mikx (at) mikx (dot) de>
http://www.mikx.de/?p=10

mikx
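
Added example, not part of the original post: a content-inspection heuristic a proxy or mail filter could use to flag the combination the advisory describes (a reference to about:config together with a near-transparent -moz-opacity layer, or a merged event line shaped like the one quoted above). The function names, the 0.1 threshold and the sample inputs are assumptions constructed for illustration.

```python
import re

ABOUT_RE = re.compile(r"about:config", re.I)
# Numeric -moz-opacity values, e.g. "-moz-opacity:0.01"
OPACITY_RE = re.compile(r"-moz-opacity\s*:\s*([0-9]*\.?[0-9]+)", re.I)
# Line shape taken from the advisory: u <start> <end> &&<frame>&&<url>
EVENT_RE = re.compile(r"^\s*u\s+(\S+)\s+(\S+)\s+&&([^&]*)&&(\S+)\s*$", re.I | re.M)

def low_opacity_values(text, threshold=0.1):
    """Return every -moz-opacity value at or below the (assumed) threshold."""
    values = [float(v) for v in OPACITY_RE.findall(text)]
    return [v for v in values if v <= threshold]

def inspect(text):
    """Return a list of (finding, detail) tuples for one document."""
    findings = []
    # Merged event lines whose URL field points at about:config
    for _start, _end, frame, url in EVENT_RE.findall(text):
        if ABOUT_RE.search(url):
            findings.append(("event-url-to-about-config", frame))
    # Web content has no ordinary reason to reference about:config at all
    if ABOUT_RE.search(text):
        findings.append(("about-config-reference", None))
        # A near-invisible layer on the same page is the stronger signal
        if low_opacity_values(text):
            findings.append(("about-config-with-transparent-layer", None))
    return findings

# Constructed samples (simplified markup, not taken from the proof of concept)
SAMPLE_HTML = (
    '<iframe name="cfg" style="-moz-opacity:0.01"></iframe>\n'
    '<!-- plugin content on this page targets frame cfg with about:config -->'
)
SAMPLE_EVENTS = "u 0:0:0:0.0 0:0:0:30.0 &&targetframe&&about:config\n"
SAMPLE_BENIGN = (
    '<div style="-moz-opacity:0.05">fade</div>'
    '<a href="help.html">about config options</a>'
)

if __name__ == "__main__":
    for name, doc in [("html", SAMPLE_HTML), ("events", SAMPLE_EVENTS),
                      ("benign", SAMPLE_BENIGN)]:
        print(name, inspect(doc))
```

The transparent-layer finding is a heuristic only: it looks for both strings anywhere in one document and does not prove the frame actually renders about:config.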

Re: [Full-Disclosure] Fireflashing [Firefox 1.0] Feb 12 2005 02:25PM
Jelmer Kuperus (jkuperus planet nl)